formbook | 0c6d57557120decedc9a102794ea95bcaf64529eb1f18058e4df62c34b724988 | Triage

Sharing

General

Target

0c6d57557120decedc9a102794ea95bcaf64529eb1f18058e4df62c34b724988
Size

464KB
Sample

211125-xf6xrsbee5
MD5

4d1b51fe258be32d346b3507abeddcb3
SHA1

977a34967b0b42a19969dd1106ef74439d306dce
SHA256

0c6d57557120decedc9a102794ea95bcaf64529eb1f18058e4df62c34b724988
SHA512

27330f64606cfebbe834e2d419e5f34207c1bfbbae22da52763c8fe8e48a001d52e2c5ab1b93ee9cfd2e5b4df02c09628f82be2cd5d340ca0711c004aed1ec12

Score

10^/10

formbook og2w rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

og2w

C2

http://www.celikkaya.xyz/og2w/

Decoy

drivenexpress.info

pdfproxy.com

zyz999.top

oceanserver1.com

948289.com

nubilewoman.com

ibizadiamonds.com

bosniantv-australia.com

juliehutzell.com

poshesocial.events

icsrwk.xyz

nap-con.com

womansslippers.com

invictusfarm.com

search-panel-avg-rock.rest

desencriptar.com

imperialexoticreptiles.com

agastify.com

strinvstr.com

julianapeloi.com

Targets

- Target
  
  0c6d57557120decedc9a102794ea95bcaf64529eb1f18058e4df62c34b724988
- Size
  
  464KB
- MD5
  
  4d1b51fe258be32d346b3507abeddcb3
- SHA1
  
  977a34967b0b42a19969dd1106ef74439d306dce
- SHA256
  
  0c6d57557120decedc9a102794ea95bcaf64529eb1f18058e4df62c34b724988
- SHA512
  
  27330f64606cfebbe834e2d419e5f34207c1bfbbae22da52763c8fe8e48a001d52e2c5ab1b93ee9cfd2e5b4df02c09628f82be2cd5d340ca0711c004aed1ec12
Score

10^/10

formbook og2w rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook Payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookog2wratspywarestealertrojan